<?
$reqlevel = 1;
require_once("../domain/Signup.php");
require_once("../services/SignupService.php");
require_once("../domain/Log.php");
require_once("../services/LogService.php");
require_once("../domain/AccessPage.php");
require_once("../services/AccessPageService.php");
require_once("../domain/Access.php");
require_once("../services/AccessService.php");
require_once("../domain/Module.php");
require_once("../services/ModuleService.php");
include("membersonly.inc.php");


// VARIABLES FROM THE LINK
$set = $_POST["set"] . $_GET["set"];
$cat = $_POST["cat"] . $_GET["cat"]; // CATEGORY ID
$did = $_POST["did"] . $_GET["did"]; // DEVICE ID
$uid = $_POST["uid"] . $_GET["uid"]; // USER ID
$sid = $_POST["sid"] . $_GET["sid"]; // SERVICE ID
$soid = $_POST["soid"] . $_GET["soid"]; // SERVICE ORDER ID
$sodid = $_POST["sodid"] . $_GET["sodid"]; // SERVICE ORDER DETAIL ID
$gid = $_POST["gid"] . $_GET["gid"]; // GROUP ID
$cid = $_POST["cid"] . $_GET["cid"] . $_GET["cust_ID"] . $_POST["cust_ID"]; // CUSTOMER ID
$lid = $_POST["lid"] . $_GET["lid"]; // LOG ID
$pid = $_POST["pid"] . $_GET["pid"]; // PAGE ID
$for = $_POST["for"] . $_GET["for"]; // FOR 
$perm = $_POST["perm"] . $_GET["perm"]; // ID FOR PERMISSIONS
$what = $_POST["what"] . $_GET["what"];
$to = $_POST["to"] . $_GET["to"]; // TO VARIABLES
$modid = $_POST["modid"] . $_GET["modid"]; // GET ID OF THE MODULE

if (!$act) { header ("Location: in.php?e=1"); }

if ($act == "save") { 
// #1 SAVE INFORMATION SENT FROM THE FORM


	if ($what == "profile") {
		// #2 SAVE INFORMATION FROM MY PROFILE TAB
		
		if ($cat == "info") {
			// #3 SAVE PERSONAL INFORMATION
				/* LETS GET THE DATA FROM THE FORM */
			$finfo_user_fname = $_POST["finfo_user_fname"];
			$finfo_user_lname = $_POST["finfo_user_lname"];
			$finfo_user_phone = $_POST["finfo_user_phone"];
			$finfo_user_email = $_POST["finfo_user_email"];
			$finfo_user_set_timeout = $_POST["finfo_user_set_timeout"];
			
			$update_info = "UPDATE `".$DBprefix."signup` SET `user_fname` = '$finfo_user_fname',`user_lname` = '$finfo_user_lname',`user_phone` = '$finfo_user_phone',`user_email` = '$finfo_user_email', `user_set_timeout` = '$finfo_user_set_timeout' WHERE `user_id` = '$info_user_id'";  
			$result = mysql_query($update_info); 


			
			header ("Location: in.php?show=profile&m=1");
		} else if ($cat == "password") {
			
			// SAVE NEW PASSWORD
				/* LETS GET THE PASSWORDS FROM THE FORM */
			$finfo_user_opass = md5($_POST["finfo_user_opass"]);
			$finfo_user_npass = $_POST["finfo_user_npass"];
			$finfo_user_anpass = $_POST["finfo_user_anpass"];
			
			// CHECK IF THE PASSWORD HAS ENOUGH CHARS
			if ($finfo_user_npass == "" && $finfo_user_anpass == "") { header ("Location: in.php?e=EMPTY"); brake(); }
			if (strlen($finfo_user_npass) > 4 && strlen($finfo_user_npass) < 10) {
			
			//CHECK IF THE PASSWORD IS NOT EMPTY AND MATCH THEM TOGETHER
			if ($finfo_user_npass == $finfo_user_anpass && $finfo_user_npass <> "") {
			
			// CHECK IF THE OLD PASSWORD IS MATCHING THE DATABASE
			$query = "SELECT * FROM `".$DBprefix."signup` WHERE user_id = '$info_user_id' AND user_pass = '$finfo_user_opass'";
			$result = mysql_query($query); 
				
				if ($row = mysql_fetch_array($result)){ 
				
				// LETS ENCRYPT THE PASSWORD
				$finfo_user_snpass = md5($finfo_user_npass);
				
				// UPDATE THE PASSWORD TO THE NEW ONE
				$query = "UPDATE `".$DBprefix."signup` SET user_pass = '$finfo_user_snpass' WHERE user_id = '$info_user_id'";  
				$result = mysql_query($query); 

				// UPDATE THE PASSWORD IN THE SESSION
				$_SESSION[user_pass] = $finfo_user_snpass;
				// REDIRECT DONE!
				header ("Location: in.php?m=2");
			
				} else {
				
				//it the check on the old password returns that it is incorrect we return that here.
				header ("Location: in.php?show=profile&view=password&e=4");
				}
			} else { header ("Location: in.php?show=profile&view=password&e=3"); }
			} else { header ("Location: in.php?show=profile&view=password&e=2"); }
		
			
				
		} else { header ( "Location: in.php?e=1"); } // END  SAVE PERSONAL INFORMATION

		 
		} // #2 END  SAVE INFORMATION FROM MY PROFILE TAB


	if ($what == "config") {
		// SAVE STUFF FROM CONFIG TAB
		
		$finfo_user_name = $_POST["finfo_user_name"];
		$finfo_user_fname = $_POST["finfo_user_fname"];
		$finfo_user_lname = $_POST["finfo_user_lname"];
		$finfo_user_phone = $_POST["finfo_user_phone"];
		$finfo_user_email = $_POST["finfo_user_email"];
		$finfo_user_set_timeout = $_POST["finfo_user_set_timeout"];
		$finfo_user_level = $_POST["finfo_user_level"];
		$finfo_user_send = $_POST["finfo_user_send"];
		$finfo_user_npass = $_POST["finfo_user_npass"];
		$finfo_user_anpass = $_POST["finfo_user_anpass"];
		
		if ($cat == "settings") {
			// EDIT ACP SETTINGS
			
			$fconf_weburl = $_POST["conf_weburl"];
			$fconf_acpurl = $_POST["conf_acpurl"];
			$fconf_bpath = $_POST["conf_bpath"];
			$fconf_apath = $_POST["conf_apath"];
			$fconf_mpath = $_POST["conf_mpath"];
			$fconf_tpath = $_POST["conf_tpath"];
			$fconf_passmin = $_POST["conf_passmin"];
			$fconf_passmax = $_POST["conf_passmax"];
			$fconf_timeout = $_POST["conf_timeout"];
			$fconf_alin = $_POST["conf_alin"];
			$fconf_alou = $_POST["conf_alou"];
			$fconf_shosid = $_POST["conf_shosid"];
			

			$save_settings = "UPDATE  `".$DBprefix."settings` SET `conf_weburl` =  '$fconf_weburl', `conf_acpurl` =  '$fconf_acpurl', `conf_bpath` =  '$fconf_bpath', `conf_apath` =  '$fconf_apath', `conf_mpath` = '$fconf_mpath', `conf_tpath` =  '$fconf_tpath', `conf_passmin` =  '$fconf_passmin', `conf_passmax` =  '$fconf_passmax', `conf_timeout` =  '$fconf_timeout', `conf_alin` = '$fconf_alin', `conf_alou` = '$fconf_alou', `conf_shosid` = '$fconf_shosid' WHERE  `conf_id` = '1' LIMIT 1";
			$execute_save = mysql_query($save_settings);	
			
			header ("Location: in.php?show=config&m=1");
			
		} // END SAVE ACP SETTINGS
		
		
		if ($cat == "edituser") {
			// EDIT USER INFO
			
			if (empty($finfo_user_npass) AND empty($finfo_user_anpass)) {
				// CHECK IF HE PASSWORD FIELDS ARE EMPTY
				
				$edit_user = "UPDATE `".$DBprefix."signup` SET `user_fname` = '$finfo_user_fname', `user_lname` = '$finfo_user_lname', `user_phone` = '$finfo_user_phone', `user_email` = '$finfo_user_email',`user_level` = '$finfo_user_level',`user_set_timeout` = '$finfo_user_set_timeout' WHERE `user_id` = '$uid' LIMIT 1";	
				$execute_edit_user = mysql_query($edit_user);	
				
				header ("Location: in.php?show=config&view=users&m=12"); die();	
					
			} else {
				
				if ($finfo_user_npass == $finfo_user_anpass) {
					// CHECK IF THE NEW PASSWORDS MATCH 
					if ($uid == "1" AND $info_user_id != "1") { header("Location: in.php?show=config&view=permusers&e=1"); die(); } else if ($uid == "1" AND $info_user_id == "1") { header("Location: in.php?show=profile&view=password");  die(); }

					$code_pass = md5($finfo_user_anpass);
					
					$edit_user = "UPDATE `".$DBprefix."signup` SET `user_pass` = '$code_pass', `user_fname` = '$finfo_user_fname', `user_lname` = '$finfo_user_lname', `user_phone` = '$finfo_user_phone', `user_email` = '$finfo_user_email',`user_level` = '$finfo_user_level',`user_set_timeout` = '$finfo_user_set_timeout' WHERE `user_id` = '$uid' LIMIT 1";	
					$execute_edit_user = mysql_query($edit_user);
					
					header ("Location: in.php?show=config&view=users&m=13"); die();
					
				} else {
					
				$edit_user = "UPDATE `".$DBprefix."signup` SET `user_fname` = '$finfo_user_fname', `user_lname` = '$finfo_user_lname', `user_phone` = '$finfo_user_phone', `user_email` = '$finfo_user_email',`user_level` = '$finfo_user_level',`user_set_timeout` = '$finfo_user_set_timeout' WHERE `user_id` = '$uid' LIMIT 1";	
				$execute_edit_user = mysql_query($edit_user);
				
				header ("Location: in.php?show=config&view=users&e=7"); die();	
					
				}
				
				
			}
			
			
			} // END SAVE EDIT USER.
		
		if ($cat == "adduser") { 
			// ADD USERS IN CONFIG TAB
			if (!empty($finfo_user_name)) {
				
				// LETS CHECK IF THE USERS EXISTS
				 $get_user_info = "SELECT * FROM `".$DBprefix."signup` WHERE `user_name` LIKE '$finfo_user_name'";  
				 $execute_get_user_info = mysql_query($get_user_info); 
				if ($user_check = mysql_fetch_array($execute_get_user_info)) { $existing_user = $user_check["user_name"]; }
				
				if ($finfo_user_name == $existing_user) { header ("Location: in.php?show=config&view=adduser&e=6&ef=$finfo_user_name"); die(); }
				
				// IF USERS IS NOT FOUND PROCEED WITH ADDING HIM
				$gen_pass = generatePassword();
				$coded_pass = md5($gen_pass);
				$add_user = "INSERT INTO `".$DBprefix."signup` (`user_name`, `user_fname`, `user_lname`, `user_phone`, `user_email`, `user_set_timeout`, `user_level`, `user_adddate`, `user_lastlogin`, `user_logindns`, `user_loginfail`, `user_numloginfail`, `user_actnum`, `user_pass`) VALUES ('$finfo_user_name', '$finfo_user_fname', '$finfo_user_lname', '$finfo_user_phone', '$finfo_user_email', '$finfo_user_set_timeout', '$finfo_user_level', '$timedate', '0', '0', '0', '0', '0', '$coded_pass')";  
				$execute_add_user = mysql_query($add_user);
				
				if ($finfo_user_send == 1 && !empty($finfo_user_email)) {

					
					$mid = base64_encode("$finfo_user_name||$gen_pass");

					header ("Location: mailer.php?temp=newuser&do=send&mid=$mid");

					die();
									
				}
				header("Location: in.php?show=config&view=users&m=5&mf=$gen_pass");
				
			} else { header ("Location: in.php?show=config&view=adduser&e=5"); die(); } // EMPTY INFO
		} // END ADD USER
		
		if ($cat == "permissions") {
			if ($for == "users") {
				// SAVE USER PERMISSIONS
			
				if ($uid !== "0" AND $pid !== "0" AND $perm !== "0") {
					
					// LETS GET INFO FROM PERMSSION TABLE
					$get_user_permissions = "SELECT * FROM `".$DBprefix."access` WHERE `userid` = '$uid' AND `pageid` = '$pid'";  
					$execute_get_user_permissions = mysql_query($get_user_permissions); 

				while ($user_permissions = mysql_fetch_array($execute_get_user_permissions)) {
					$user_perm = $user_permissions["permission"];
				}

				if (empty($user_perm)) {
					$add_permission = "INSERT INTO `".$DBprefix."access` (`userid`, `pageid`, `permission`) VALUES ('$uid', '$pid', '$perm')";  
					$execute_add_permission = mysql_query($add_permission);	
				} else {
					$update_permission = "UPDATE  `".$DBprefix."access` SET  `permission` =  '$perm' WHERE  `userid` = '$uid' AND `pageid` = '$pid' LIMIT 1";  
					$execute_update_permission = mysql_query($update_permission);	
				}
			
			
					header("Location: in.php?show=config&view=permusers&m=11");
			
				} else { header("Location: in.php?show=config&view=permusers&e=1"); }
					
			} // END USER PERMISSIONS
			
			if ($for == "categories") {
				// SAVE CATEGORIES PERMISSION
				
				// GET VARIABLES FROM THE FORM
				$pagename = $_POST["pagename"];
				$pagesub = $_POST["pagesub"];
				$defperm = $_POST["defperm"];
				
				if (!empty($pagesub) AND empty($pagename) ) { header("Location: in.php?show=config&view=permcat&e=1#cantsavejustsubpage"); die(); }
				else if (empty($pagename)) { header("Location: in.php?show=config&view=permcat&e=1#nothingspecified"); die(); }
				
				$add_permission = "INSERT INTO `".$DBprefix."access_pages` (`pagename`, `pagesub`, `pageperm`) VALUES ('$pagename', '$pagesub', '$defperm')";  
				$execute_add_permission = mysql_query($add_permission);	
				
				header("Location: in.php?show=config&view=permcat&m=11");
			} //END SAVE CATEGORIES PERMISSIONS
		
		}
		
		if ($cat == "module") {

			$target = "./inc/modules/"; 
			$module_name = basename($_FILES['uploaded']['name']);

			list($name, $extension) = explode(".", $module_name);


			$target = $target . $module_name; 

			$ok=1; 

			if (!file_exists($target)) {

				if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
					
					header("Location: in.php?show=config&view=modules&m=16");

				} else { header("Location: in.php?show=config&view=modules&e=8"); }	
				
				} else { header("Location: in.php?show=config&view=modules&e=9"); }
		
			
			
			
		} // END SAVE ADD MODULE
	} // END WHAT CONFIG
	
	if ($what == "services") {
		// SERVICES
		
		$serv_group = $_POST["serv_group"];
		$serv_name = $_POST["serv_name"];
		$serv_discount = $_POST["serv_discount"];
		$serv_bprice = $_POST["serv_bprice"];
		$serv_desc = $_POST["serv_desc"];
		$serv_addby = $_POST["serv_addby"];
		
		// GROUPS
		$group_name = $_POST["group_name"];
		$group_desc = $_POST["group_desc"];
		
		if ($cat == "service") {
			// ADD NEW SERVICE
			
			$add_service = "INSERT INTO `".$DBprefix."services` (`serv_group`,`serv_name`,`serv_discount`,`serv_bprice`,`serv_desc`,`serv_addby`) VALUES ('$serv_group','$serv_name','$serv_discount','$serv_bprice','$serv_desc','$info_user_id');";  
			$execute_add_service = mysql_query($add_service);
				
			header("Location: in.php?show=mod&modid=$modid&view=services&m=24");
			
			
		} // END ADD NEW SERVICE
		
		if ($cat == "group") {
			// ADD NEW GROUP
			
			$add_group = "INSERT INTO `".$DBprefix."service_groups` (`group_name`,`group_desc`,`group_addby`) VALUES ('$group_name','$group_desc','$info_user_id')";  
			$execute_add_group = mysql_query($add_group);
				
			header("Location: in.php?show=mod&modid=$modid&view=groups&m=30");
			
			
		} // END ADD NEW GROUP
        
        if ($cat == "quote") {
            // ADD NEW QUOTE
            
            
        } // END ADD NEW QUOTE
        
        
        if ($cat == "so") {
            // ADD NEW SERVICE ORDER
            
            $so_type = $_POST["so_type"];
            
            $pay_date = $timedate + 2678400;
            
            // LETS CALCULATE THE INVOICE NUMBER
            $get_last_invno = "SELECT `so_number` FROM `".$DBprefix."service_orders` WHERE `so_id` = '1' LIMIT 1";
            $execute_get_last_invno = mysql_query($get_last_invno); 

            if ($invno = mysql_fetch_array($execute_get_last_invno)){
            	$old_sonumber = $invno["so_number"];
            	$new_sonumber = $old_sonumber + 1;
			
    			$update_soNumber = "UPDATE `".$DBprefix."service_orders` SET `so_number` = '$old_sonumber' + 1 WHERE `so_id` = '1'";  
    			$execute_update_soNumber = mysql_query($update_soNumber);

            	if ($new_sonumber < 10) { $new_sonumber = "000$new_sonumber"; } else if ($new_sonumber < 100) { $new_sonumber = "00$new_sonumber"; } else if ($new_sonumber < 1000) { $new_sonumber = "0$new_sonumber"; }

                	$new_sonumber = date("y", $timedate) . $new_sonumber;

            }

            // END LETS CALCULATE THE INVOICE NUMBER
            
            //************* CREATE INVOICE **************//

            $create_invoice = "INSERT INTO `".$DBprefix."service_orders` (`so_number`,`so_type`,`so_cid`,`so_status_reason`,`so_opendate`,`so_paydate`,`so_addby`) VALUES ('$new_sonumber','$so_type','$cid','Not Paid!','$timedate','$pay_date','$info_user_id')";
            $execute_create_invoice = mysql_query($create_invoice);

            // LETS GET SO ID
            $get_soid = "SELECT * FROM `".$DBprefix."service_orders` WHERE `so_number` = '$new_sonumber' LIMIT 1";  
            $execute_get_soid = mysql_query($get_soid); 

            if ($so = mysql_fetch_array($execute_get_soid)){
                $so_id = $so["so_id"];

            }
            // END GET SO ID

            //********** END CREATE INVOICE ************//
            
            //echo "INSERT INTO `".$DBprefix."service_orders` (`so_number`,`so_type`,`so_cid`,`so_note`,`so_status_reason`,`so_opendate`,`so_paydate`,`so_addby`) VALUES ('$new_sonumber','$so_type','$cid','Not Paid!','$timedate','$pay_date','$info_user_id')";
            
		header("Location: in.php?show=mod&view=detail&soid=$so_id&modid=$modid&m=28");
            
            
        } // END ADD NEW SERVICE ORDER
        		
		if ($cat == "soitem") {
			// ADD NEW SERVICE
			
			$serv_id = $_POST["serv_id"];
			$serv_qty = $_POST["serv_qty"];
			$serv_shipping = $_POST["serv_shipping"];
			$fserv_discount = $_POST["serv_discount"];
			$so_id = $_POST["soid"];
			$so_number = $_POST["sonumber"];
			
			// LETS GET SERVICE FROM DATABASE
			$get_service = "SELECT * FROM `".$DBprefix."services` WHERE `serv_id` LIKE '$serv_id' LIMIT 1";  
			$execute_get_service = mysql_query($get_service); 

			if ($service = mysql_fetch_array($execute_get_service)){

				
				$serv_group = $service["serv_group"];
				$serv_name = $service["serv_name"];
				$serv_discount = $service["serv_discount"];
				$serv_bprice = $service["serv_bprice"];
				
				if ($serv_discount == 0 OR $serv_discount == "") { $serv_discount = $fserv_discount; }
			}
			
			// LETS GET SO TOTAL FROM DATABASE
			$get_so = "SELECT * FROM `".$DBprefix."service_orders` WHERE `so_id` LIKE '$so_id' LIMIT 1";  
			$execute_get_so = mysql_query($get_so); 

			if ($so = mysql_fetch_array($execute_get_so)){
			
				$so_total = $so["so_total"];
                $so_discount = $so["so_discount"];
				
			}
			
			
			
			$item_subtotal = $serv_bprice * $serv_qty;
			$item_discount = ($serv_discount / 100) * $item_subtotal;
			
			$item_total = $item_subtotal - $item_discount + $serv_shipping;
			
			$round_serv_total = round($item_total, 2);
			
			
			//NOW WE NEED TO ADD THE ITEM TO THE SO
			$add_soitem = "INSERT INTO `".$DBprefix."service_details` (`sod_soid`,`sod_servid`,`sod_servname`,`sod_servprice`,`sod_discount`,`sod_shipping`,`sod_tax`,`sod_qty`,`sod_total`,`sod_addby`) VALUES ('$so_id','$serv_id','$serv_name','$serv_bprice','$serv_discount','$serv_shipping','0','$serv_qty','$round_serv_total','$info_user_id')";  
			$execute_add_soitem = mysql_query($add_soitem);
				
			header("Location: $info_reffered_url&m=28");
			
		} // END ADD NEW SERVICE TO INVOICE
		
		
		// **** REMOVE **** //
		
		
	} // END WHAT SERVICES
	
	if ($what == "customers") {
		// ADD A NEW CUSTOMER
		
		$cust_cname = $_POST["cust_cname"];
		$cust_fname = $_POST["cust_fname"];
		$cust_lname = $_POST["cust_lname"];
		$cust_1phone = $_POST["cust_1phone"];
			$cust_1phone = ereg_replace("[^A-Za-z0-9]", "", $cust_1phone);
		$cust_2phone = $_POST["cust_2phone"];
			$cust_2phone = ereg_replace("[^A-Za-z0-9]", "", $cust_2phone);
		$cust_email = $_POST["cust_email"];
		$cust_apt = $_POST["cust_apt"];
		$cust_street = $_POST["cust_street"];
		$cust_city = $_POST["cust_city"];
		$cust_state = $_POST["cust_state"];
		$cust_zip = $_POST["cust_zip"];
		$cust_www = $_POST["cust_www"];
		$cust_ddns = $_POST["cust_ddns"];
		$cust_avk = $_POST["cust_avk"];
		$cust_comments = $_POST["cust_comments"];
		$cust_accnumber = $_POST["cust_accnumber"];
		
		if ($cat == "addcust") { 
		// ADD CUSTOMER
			if (!empty($cust_fname)) {
				
				// LETS CHECK IF THE CUSTOMER EXISTS
				$get_customer_info = "SELECT * FROM `".$DBprefix."customers` WHERE `cust_fname` LIKE '$cust_fname'";  
				$execute_get_customer_info = mysql_query($get_customer_info);
				
				while ($customer_check = mysql_fetch_array($execute_get_customer_info)) {
					$existing_customer_fname = $customer_check["cust_fname"];
					$existing_customer_lname = $customer_check["cust_lname"];
					$existing_customer_1phone = $customer_check["cust_1phone"];
					$existing_customer_2phone = $customer_check["cust_2phone"];

					if (empty($cust_lname) AND empty($cust_1phone)) { header("Location: in.php?show=mod&view=add&modid=$modid&e=10"); die();}
					if (!empty($cust_lname) AND $cust_lname == $existing_customer_lname AND $cust_1phone <> $existing_customer_1phone) { header("Location: in.php?show=mod&view=add&modid=$modid&e=21"); die(); }
					if (!empty($cust_1phone) AND $cust_1phone == $existing_customer_1phone) { header("Location: in.php?show=mod&view=add&modid=$modid&e=22"); die(); }	
	
				} // END WHILE 
				

				// IF CUSTOMER IS NOT FOUND PROCEED WITH ADDING
			
				$add_customer = "INSERT INTO `".$DBprefix."customers` (`cust_cname`,`cust_fname`,`cust_lname`,`cust_1phone`,`cust_2phone`,`cust_email`,`cust_apt`,`cust_street`,`cust_city`,`cust_state`,`cust_zip`,`cust_www`,`cust_ddns`,`cust_avk`,`cust_comments`,`cust_addby`,`cust_addate`,`cust_accnumber`) VALUES ('$cust_cname','$cust_fname','$cust_lname','$cust_1phone','$cust_2phone','$cust_email','$cust_apt','$cust_street','$cust_city','$cust_state','$cust_zip','$cust_www','$cust_ddns','$cust_avk','$cust_comments','$info_user_id','$timedate','$cust_accnumber')";  
				$execute_add_customer = mysql_query($add_customer);

				
				//echo "$cust_fname :: $cust_lname :: $cust_1phone :: $cust_2phone :: $cust_email :: $cust_apt :: $cust_street :: $cust_city :: $cust_state :: $cust_zip :: $cust_comments :: $cust_accnumber || $info_user_id :: $timedate ";
				header("Location: in.php?show=mod&modid=$modid&m=17");
				
				
			} else { header ("Location: in.php?show=mod&view=add&modid=$modid&e=11"); die(); } // EMPTY INFO

		} // END ADD CUSTOMER
		
		if ($cat == "adddevice") {
			// ADD DEVICE
			
			$dev_type = $_POST["dev_type"];
			$dev_make = $_POST["dev_make"];
			$dev_model = $_POST["dev_model"];
			$dev_os = $_POST["dev_os"];
			$dev_comments = $_POST["dev_comments"];
			
			$add_device = "INSERT INTO `".$DBprefix."devices` (`dev_custid`,`dev_type`,`dev_make`,`dev_model`,`dev_os`,`dev_comments`,`dev_adddate`,`dev_addby`) VALUES ('$cid','$dev_type','$dev_make','$dev_model','$dev_os','$dev_comments','$timedate','$info_user_id')";  
			$execute_add_device = mysql_query($add_device);	
			

			header("Location: in.php?show=mod&view=detail&modid=$modid&cid=$cid&m=1");

		} // END WHAT ADD DEVICE
		
		
	} // END WHAT CUSTOMERS


} // #1 END  SAVE INFORMATION SENT FROM THE FORM

if ($act == "change") { 
	//#1 CHANGE SETTINGS
	//echo " " . $_POST["what"] . " | " . $_POST["cat"] . "";

	if ($what == "services") {
		//CHANGE SERVICE ORDERS AND OTHER
		if ($cat == "soitem") {
			// CHANGE SERVICE DETAILS
			
			$serv_name = $_POST["serv_name"];
			$serv_discount = $_POST["serv_discount"];
			$serv_shipping = $_POST["serv_shipping"];
            $serv_bprice = $_POST["serv_price"];
			$serv_qty = $_POST["serv_qty"];
			
            
			$item_subtotal = $serv_bprice * $serv_qty;
			$item_discount = ($serv_discount / 100) * $item_subtotal;
			
			$item_total = $item_subtotal - $item_discount + $serv_shipping;
			
			$round_serv_total = round($item_total, 2);
            
			$update_sod = "UPDATE `".$DBprefix."service_details` SET `sod_servname` = '$serv_name', `sod_total` = '$round_serv_total', `sod_servprice` = '$serv_bprice', `sod_discount` = '$serv_discount', `sod_shipping` = '$serv_shipping', `sod_qty` = '$serv_qty' WHERE `sod_id` = '$sodid' LIMIT 1";  
			$exe_update_sod = mysql_query($update_sod);
			
			header("Location: in.php?show=mod&modid=$modid&view=detail&soid=$soid&m=29");
			die();
			
			
		} //END CHANGE SERVICE DETAILS
		
		if ($cat == "so") {
			// CHANGE SO INFO
			
			//LETS GET INFO FROM THE FORM
			$fso_discount = $_POST["so_discount"];
			$fso_status = $_POST["so_status"] . $_GET["status"];
			$fso_tax = $_POST["so_tax"];
			$fso_did = $_POST["so_did"];
			$fso_pname = $_POST["so_pname"];
			$fso_note = $_POST["so_note"];
			$fso_tnote = $_POST["so_tnote"];
			$fso_opend = $_POST["fso_opend"];
			$fso_payd = $_POST["fso_payd"];
			$fso_status_reason = $_POST["so_status_reason"];
			$fso_so_paytype = $_POST["so_paytype"];
		
			
			// LETS GET SERVICE ORDER DATA
			$get_so = "SELECT * FROM `".$DBprefix."service_orders` WHERE `so_id` = '$soid' LIMIT 1";  
			$execute_get_so = mysql_query($get_so); 

			if ($so = mysql_fetch_array($execute_get_so)){
				$so_id = $so["so_id"];
				$so_number = $so["so_number"];
				$so_cid = $so["so_cid"];
				$so_did = $so["so_did"];
				$so_pname = $so["so_pname"];
				$so_discount = $so["so_discount"];
				$so_tax = $so["so_tax"];
				$so_status = $so["so_status"];
				$so_status_reason = $so["so_status_reason"];
				$so_opendate = $so["so_opendate"];
				$so_paydate = $so["so_paydate"];
				$so_paytype = $so["so_paytype"];
				$so_closedate = $so["so_closedate"];
				$so_refunddate = $so["so_refunddate"];
				$so_addby = $so["so_addby"];
				
	
			} // END GET SO DATA
			
			if (empty($fso_opend) AND empty($fso_payd)) { 

				$nso_opendate = $so_opendate; 
				$nso_paydate = $timedate; 
			
			} else {

				list($m, $d, $y) = explode(".",$fso_opend);
				list($h, $i, $s) = explode(".", date("H.i.s", $so_opendate));

				list($m1, $d1, $y1) = explode(".",$fso_payd);
				list($h1, $i1, $s1) = explode(".", date("H.i.s", $so_paydate));
	
				$nso_opendate = mktime($h,$i,$s,$m,$d,$y);
				$nso_paydate = mktime($h1,$i1,$s1,$m1,$d1,$y1);
			}

			if ($so_status == "0" AND $fso_status == "1") { $nso_paydate = $timedate; $fso_status_reason = "Thank you for your payment!";}
			if ($so_status == "1" AND $fso_status == "0") { $fso_status_reason = "Not Paid!";}

			if ($_GET["status"] == "1") {
				$update_so = "UPDATE `".$DBprefix."service_orders` SET `so_paytype` = '$so_paytype', `so_pname` = '$so_pname', `so_discount` = '$so_discount',`so_tax` = '$fso_tax', `so_status_reason` = '$fso_status_reason',`so_status` = '$fso_status',`so_note` = '$so_note',`so_tnote` = '$so_tnote',`so_opendate` = '$nso_opendate',`so_paydate` = '$nso_paydate',`so_did` = '$so_did' WHERE `so_id` = '$soid'";  
			} else {
				$update_so = "UPDATE `".$DBprefix."service_orders` SET `so_paytype` = '$fso_so_paytype', `so_pname` = '$fso_pname', `so_discount` = '$fso_discount',`so_tax` = '$fso_tax', `so_status_reason` = '$fso_status_reason',`so_status` = '$fso_status',`so_note` = '$fso_note',`so_tnote` = '$fso_tnote',`so_opendate` = '$nso_opendate',`so_paydate` = '$nso_paydate',`so_did` = '$fso_did' WHERE `so_id` = '$soid'";  
			}


			$exe_update_so = mysql_query($update_so);
			
			header("Location: $info_reffered_url&m=1");
			die();
			
		} // END CAT SO
	} // END CHANGE SERVICES
	
	if ($what == "permission") {
		// CHANGE PERMISSONS FOR USERS AND CATEGORIES
		if ($for == "user") {
			// CHNAGE PERMISSIONS FOR USERS
		
			$query = "UPDATE `".$DBprefix."access` SET `permission` = '$to' WHERE `userid` = '$uid' AND `pageid` = '$pid'";  
			$result = mysql_query($query);
			 
			
			header("Location: in.php?show=config&view=permusers&m=11");
			
		} // END CHANGE PERMISSIONS FOR USERS
		
		if ($for == "categories") {
			// CHNAGE PERMISSIONS FOR USERS
		
			$query = "UPDATE `".$DBprefix."access_pages` SET `pageperm` = '$to' WHERE `pageid` = '$pid'";  
			$result = mysql_query($query);
			 
			
			header("Location: in.php?show=config&view=permcat&m=11");
			
		} // END CHANGE PERMISSIONS FOR CATEGORIES	
		
	} // END CHANGE PERMISSIONS FOR USERS AND CATEGORIES
	
	
	if ($what == "user") { 
		// #2 CHANGE USER SETTINGS 
		
		if ($set == "lock") { 
			// LOCK USER ACCOUNT
			
			
			// LETS MAKE SURE ITS NOT ADMIN!
			if ($uid == "1") { header("Location: in.php?show=config&view=users&e=1"); die(); }


			$query = "UPDATE `".$DBprefix."signup` SET `user_set_lock` = '$to' WHERE `user_id` = '$uid'";  
			$result = mysql_query($query);
			
			if ($to == 0) {
				header("Location: in.php?show=config&view=users&m=7");
			} else {
				header("Location: in.php?show=config&view=users&m=6");
			}
				
			
		} // END LOCK USER ACCOUNT
		
		if ($set == "logout") { 
			// ENABLES ADMIN TO LOGOUT OTHER USERS
			
			$query = "UPDATE `".$DBprefix."logs` SET `log_sesexp` = '$timedate' WHERE `log_id` = '$lid' AND `log_userid` !=1";  
			$result = mysql_query($query);	
			
			header("Location: in.php?show=logs&view=user&m=9");		
			
		} // END LOGOUT OTHER USERS
	
	} // #2 END CHANGE USER SETTINGS 

	if ($what == "customers") {
		// SAVE CHANGES TO CUSTOMER

		$cust_cname = $_POST["cust_cname"];
		$cust_fname = $_POST["cust_fname"];
		$cust_lname = $_POST["cust_lname"];
		$cust_1phone = $_POST["cust_1phone"];
			$cust_1phone = ereg_replace("[^A-Za-z0-9]", "", $cust_1phone);
		$cust_2phone = $_POST["cust_2phone"];
			$cust_2phone = ereg_replace("[^A-Za-z0-9]", "", $cust_2phone);
		$cust_email = $_POST["cust_email"];
		$cust_apt = $_POST["cust_apt"];
		$cust_street = $_POST["cust_street"];
		$cust_city = $_POST["cust_city"];
		$cust_state = $_POST["cust_state"];
		$cust_zip = $_POST["cust_zip"];
		$cust_www = $_POST["cust_www"];
		$cust_ddns = $_POST["cust_ddns"];
		$cust_avk = $_POST["cust_avk"];
		$cust_comments = $_POST["cust_comments"];
		$cust_accnumber = $_POST["cust_accnumber"];

		if ($cat == "editcust") {
			// SAVE EDIT CUSTOMERS

			$update_customer = "UPDATE `".$DBprefix."customers` SET `cust_www` = '$cust_www', `cust_ddns` = '$cust_ddns', `cust_avk` = '$cust_avk', `cust_cname` = '$cust_cname',`cust_fname` = '$cust_fname',`cust_lname` = '$cust_lname',`cust_1phone` = '$cust_1phone',`cust_2phone` = '$cust_2phone',`cust_email` = '$cust_email',`cust_apt` = '$cust_apt',`cust_street` = '$cust_street',`cust_city` = '$cust_city',`cust_state` = '$cust_state',`cust_zip` = '$cust_zip',`cust_comments` = '$cust_comments',`cust_accnumber` = '$cust_accnumber' WHERE `cust_id` = '$cid' LIMIT 1";  
			$execute_update_customer = mysql_query($update_customer);
			
			header("Location: in.php?show=mod&modid=$modid&m=19");
			
		} // END SAVE EDIT CUSTOMERS		

	} // END SAVE CHANGES TO CUSTOMER

} // #1 END CHANGE SETTINGS

if ($act == "delete") { 
	// #1 DELETE STUFF
	
	if ($what == "user") { 
		// #2 DELETE USER
		
		// LETS MAKE SURE ITS NOT ADMIN!
		if ($uid == "1") { header("Location: in.php?show=config&view=users&e=1"); die(); }
		
		// REMOVE ANY USER INPUT
		$query = "DELETE FROM `".$DBprefix."todo` WHERE `uid` = '$uid'";  
		$result = mysql_query($query);


		// REMOVE USER
		$query2 = "DELETE FROM `".$DBprefix."signup` WHERE `user_id` = '$uid' LIMIT 1";  
		$result2 = mysql_query($query2);


/*		
		$opt_todo = "OPTIMIZE `".$DBprefix."todo`";   
		$execute_opt_todo = mysql_query($opt_todo);

		$opt_logs = "OPTIMIZE `".$DBprefix."logs`";  
		$execute_opt_logs = mysql_query($opt_logs);

		$opt_signup = "OPTIMIZE `".$DBprefix."signup`";  
		$execute_opt_signup = mysql_query($opt_signup);
*/
		
		header("Location: in.php?show=config&view=users&m=8");
	} // END DELETE USER
	
	if ($what == "permission") {
		// DELETE PERMISSIONS
		
		if ($for == "user") {
			// DELET PERMISSIONS FOR USERS
			$query = "DELETE FROM `".$DBprefix."access` WHERE `userid` = '$uid' AND `pageid` = '$pid' AND `permission` = '$perm' LIMIT 1";  
			$result = mysql_query($query);
			
			header("Location: in.php?show=config&view=permusers&m=10");
			
		} // END DELETE PERMISSIONS FOR USERS
		
		if ($for == "categories") {
			// DELET PERMISSIONS FOR CATEGORIES
			
			// DELET PERMISSIONS FOR CATEGORIES
			$query = "DELETE FROM `".$DBprefix."access_pages` WHERE `pageid` = '$pid' LIMIT 1";  
			$result = mysql_query($query);

			// DELET PERMISSIONS FOR USERS
			$query = "DELETE FROM `".$DBprefix."access` WHERE `pageid` = '$pid' LIMIT 1";  
			$result = mysql_query($query);
			
			header("Location: in.php?show=config&view=permcat&m=10");
			
		} // END DELETE PERMISSIONS FOR CATEGORIES
		
	} // END DELETE PERMISSION USERS AND CATEGORIES
	
	if ($what == "customer") {
		// DELETE CUSTOMER
		
		// DELETE ALL DEVICES FOR THAT CUSTOMER
		$query = "DELETE FROM `".$DBprefix."devices` WHERE `dev_custid` = '$cid'";  
		$result = mysql_query($query);

		// DELETE CUSTOMER DATA
		$query = "DELETE FROM `".$DBprefix."customers` WHERE `cust_id` = '$cid' LIMIT 1";  
		$result = mysql_query($query);
			
		header ("Location: in.php?show=mod&modid=$modid&m=18");
		
	} // END DELETE CUSTOMER 
	
	if ($what == "device") {
			// REMOVE DEVICE
			
			// DELET DEVICE FROM CUSTOMER
			$query = "DELETE FROM `".$DBprefix."devices` WHERE `dev_id` = '$did' LIMIT 1";  
			$result = mysql_query($query);
			

			header("Location: in.php?show=mod&view=detail&modid=$modid&cid=$cid&e=18");

	} // END WHAT REMOVE DEVICE
	
	if ($what == "file") {
		// DELETE FILE
	
	$delete_file = "./inc/modules/". $_GET["fn"];	
	
	unlink($delete_file);
	
	header("Location: in.php?show=config&view=modules&m=23");
	die();


	} // END DELETE FILE
	
	if ($what == "services") {
		// DELETE SERVICES
		
		if ($cat == "service") {
			// DELETE SERVICE
			
			// DELET SERVICE 
			$del_service = "DELETE FROM `".$DBprefix."services` WHERE `serv_id` = '$sid' LIMIT 1";  
			$execute_del_service = mysql_query($del_service);
			

			header("Location: in.php?show=mod&view=services&modid=$modid&e=17");
			die();
		} // END DELETE SERVICE
		
		if ($cat == "group") {
			// DELETE GROUP
			
			// DELET SERVICE GROUP
			$del_group = "DELETE FROM `".$DBprefix."service_groups` WHERE `group_id` = '$gid' LIMIT 1";  
			$execute_del_group = mysql_query($del_group);
			

			header("Location: in.php?show=mod&view=groups&modid=$modid&e=15");
			die();
		} // END DELETE GROUP
		
		if ($cat == "so") {
			// DETELE SERVICE ORDER AND ALL ITS DATA
			
			$del_soitems= "DELETE FROM `".$DBprefix."service_details` WHERE `sod_soid` = '$soid'";  
			$execute_del_soitems = mysql_query($del_soitems);
			
			$del_so = "DELETE FROM `".$DBprefix."service_orders` WHERE `so_id` = '$soid'";  
			$execute_del_so = mysql_query($del_so);
			
			header("Location: $info_reffered_url&e=16");
			die();
		}
		
		if ($cat == "soitem") {
			// DETELE AN ITEM FROM A SERVICE ORDER

			
			// FINALLY WE CAN DELETE EVERYTHING
			$del_soitems= "DELETE FROM `".$DBprefix."service_details` WHERE `sod_id` = '$sodid'";  
			$execute_del_soitems = mysql_query($del_soitems);
			
			
			header("Location: $info_reffered_url&e=14");
			die();
		}
		
	} // END DETELE AN ITEM FROM A SERVICE ORDER

	
} // END DELETE STUFF

?>